Changelog History

  • v3.6.2 Changes

    May 19, 2017
    • Handle safe call operator in checks
    • Better handling of if expressions in HAML rendering
    • Remove --rake option
    • Properly handle template names without .html or .js
    • Set template file names during rendering for better errors
    • Limit Slim dependency to before 3.0.8
    • Catch YAML parsing errors in session settings check
    • Avoid warning about SQLi with to_s in exists?
    • Update RubyParser to 3.9.0
    • Do not honor additional check paths in config by default
    • Handle empty if expressions when finding return values
    • Fix finding return value from empty if
  • v3.6.1 Changes

    March 24, 2017
    • Fix error when using --compare (Sean Gransee)
  • v3.6.0 Changes

    March 23, 2017
    • Avoid recursive Concerns
    • Branch inside of case expressions
    • Print command line option errors without modification
    • Fix issue with nested interpolation inside SQL strings
    • Ignore GraphQL tags inside ERB templates
    • Add --exit-on-error (Michael Grosser)
    • Only report CVE-2015-3227 when exact version is known
    • Check targetless SQL calls outside of known models
  • v3.5.0 Changes

    February 01, 2017
    • Allow -t None
    • Fail on invalid checks specified by -x or -t
    • Avoid warning about all, first, or last after Rails 4.0
    • Avoid warning about models in SQLi
    • Lower confidence of SQLi when maybe not on models
    • Warn about SQLi even potentially on non-models
    • Report check name in JSON and plain reports
    • Treat templates without .html as HTML anyway
    • Add --ensure-latest option (tamgrosser / Michael Grosser)
    • Add --no-summary to hide summaries in HTML/text reports
    • Handle included block in concerns
    • Process concerns before controllers
  • v3.4.1 Changes

    November 02, 2016
    • Show action help at start of interactive ignore
    • Check CSRF setting in direct subclasses of ActionController::Base (Jason Yeo)
    • Configurable engines path (Jason Yeo)
    • Use Ruby version to turn off SymbolDoS check
    • Pull Ruby version from .ruby-version or Gemfile
    • Avoid warning about where_values_hash in SQLi
    • Fix ignoring link interpolation not at beginning of string
  • v3.4.0 Changes

    September 08, 2016
    • Add new plain report format
    • Add option to prune ignore file with -I
    • Improved Slim template support
    • Show obsolete ignore entries in reports (Jonathan Cheatham)
    • Support creating reports in non-existent paths
    • Add --no-exit-warn
  • v3.3.5 Changes

    August 12, 2016
    • Fix bug in reports when using --debug option
  • v3.3.4 Changes

    August 12, 2016
    • Add generic warning for CVE-2016-6316
    • Warn about dangerous use of content_tag with CVE-2016-6316
    • Add warning for CVE-2016-6317
    • Use Minitest
  • v3.3.3 Changes

    July 21, 2016
    • Show path when no Rails app found (Neil Matatall)
    • Index calls in view helpers
    • Process inline template renders
    • Avoid warning about hashes in link_to hrefs
    • Add documentation for authentication category
    • Ignore boolean methods in render paths
    • Reduce open redirect duplicates
    • Fix SymbolDoS error with unknown Rails version
    • Sexp#value returns nil when there is no value
    • Improve return value estimation
  • v3.3.2 Changes

    June 10, 2016
    • Fix serious performance regression with global constant tracking